Accepting request 1058991 from home:aplanas:branches:security

- Update to version 0.1.0+git.1672681780.762cec8:
  * build(deps): bump openssl from 0.10.41 to 0.10.45
  * build(deps): bump tokio from 1.21.1 to 1.23.0
  * Disable dnf-makecache.service to save RAM
  * CI tests: Do not remove Fedora tag repository
  * add support for cargo deb
  * Pacify clippy::needless-borrow
  * Move tpm.rs from keylime-agent to the library
  * Split crates into library and applications
- Add 0001-keylime-agent-remove-const_err-deny.patch
- Fix "cargo install" with workspaces
  https://github.com/rust-lang/cargo/issues/7599
- Add 0001-Cargo.toml-tss-esapi-bindings.patch
- Update to version 0.1.0+git.1670590616.e80c67a:
  * main: only read uuid from KeylimeConfig
  * Enabling more e2e tests in Packit CI
  * systemd: start agent after network is online
  * Cargo: Drop unused dependencies rust-ini and toml

OBS-URL: https://build.opensuse.org/request/show/1058991
OBS-URL: https://build.opensuse.org/package/show/security/rust-keylime?expand=0&rev=33

0001-Cargo.toml-tss-esapi-bindings.patch

@@ -0,0 +1,43 @@
+From df18e7f683b610e198f8d359d2036655a1891795 Mon Sep 17 00:00:00 2001
+From: Alberto Planas <aplanas@suse.com>
+Date: Tue, 17 Jan 2023 11:35:59 +0100
+Subject: [PATCH] Cargo.toml: tss-esapi bindings
+
+Generate the tss-esapi bindings during compilation time.  This will
+extend the amount of supported architectures.
+
+This is a regression done after the crate split, that was fixed before
+in #459.
+
+Signed-off-by: Alberto Planas <aplanas@suse.com>
+---
+ keylime-ima-emulator/Cargo.toml | 2 +-
+ keylime/Cargo.toml              | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/keylime-ima-emulator/Cargo.toml b/keylime-ima-emulator/Cargo.toml
+index ee3d5c1..333a192 100644
+--- a/keylime-ima-emulator/Cargo.toml
++++ b/keylime-ima-emulator/Cargo.toml
+@@ -12,4 +12,4 @@ keylime = { path = "../keylime" }
+ log = "0.4"
+ openssl = "0.10.15"
+ thiserror = "1.0"
+-tss-esapi = "7.1.0"
++tss-esapi = {version = "7.1.0", features = ["generate-bindings"]}
+diff --git a/keylime/Cargo.toml b/keylime/Cargo.toml
+index 9693912..c343d40 100644
+--- a/keylime/Cargo.toml
++++ b/keylime/Cargo.toml
+@@ -14,7 +14,7 @@ serde = "1.0.80"
+ serde_derive = "1.0.80"
+ static_assertions = "1"
+ thiserror = "1.0"
+-tss-esapi = "7.1.0"
++tss-esapi = {version = "7.1.0", features = ["generate-bindings"]}
+ 
+ [dev-dependencies]
+ tempfile = "3.0.4"
+-- 
+2.39.0
+

0001-keylime-agent-remove-const_err-deny.patch

@@ -0,0 +1,32 @@
+From a44207e5ffde079b39b119afbf12871d2f78adf1 Mon Sep 17 00:00:00 2001
+From: Alberto Planas <aplanas@suse.com>
+Date: Mon, 16 Jan 2023 15:51:46 +0100
+Subject: [PATCH] keylime-agent: remove const_err deny
+
+In 1.66 / 1.66.1 const_err is already a hard error, and was enabled as
+such as long ago. New compilers will complain in case that this is still
+used:
+
+  warning: lint `const_err` has been removed: converted into hard error
+
+More info:
+  https://github.com/rust-lang/rust/issues/71800
+---
+ keylime-agent/src/main.rs | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/keylime-agent/src/main.rs b/keylime-agent/src/main.rs
+index 6333652..1d6fdf4 100644
+--- a/keylime-agent/src/main.rs
++++ b/keylime-agent/src/main.rs
+@@ -3,7 +3,6 @@
+ 
+ #![deny(
+     nonstandard_style,
+-    const_err,
+     dead_code,
+     improper_ctypes,
+     non_shorthand_field_patterns,
+-- 
+2.39.0
+

_constraints

@@ -0,0 +1,7 @@
+<constraints>
+  <hardware>
+    <disk>
+      <size unit="G">10</size>
+    </disk>
+  </hardware>
+</constraints>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/keylime/rust-keylime.git</param>
-              <param name="changesrevision">f5de47bd3fdcf767403242d05032b5775f3883ed</param></service></servicedata>
+              <param name="changesrevision">762cec820ee1bc00ca480cf3b410e61904410ffa</param></service></servicedata>

rust-keylime-0.1.0+git.1666019359.f5de47b.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3689009ce99c1b288cdc6e77e13eb7e7b721948f0501620d584258d2c37595f2
-size 123780

rust-keylime-0.1.0+git.1672681780.762cec8.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:68268240480a7dabb3475afae040ea4cf093a1e9a85333f9e72cfe32747a5402
+size 20677888

rust-keylime.changes

@@ -1,3 +1,29 @@
+-------------------------------------------------------------------
+Mon Jan 16 14:02:08 UTC 2023 - aplanas@suse.com
+
+- Update to version 0.1.0+git.1672681780.762cec8:
+  * build(deps): bump openssl from 0.10.41 to 0.10.45
+  * build(deps): bump tokio from 1.21.1 to 1.23.0
+  * Disable dnf-makecache.service to save RAM
+  * CI tests: Do not remove Fedora tag repository
+  * add support for cargo deb
+  * Pacify clippy::needless-borrow
+  * Move tpm.rs from keylime-agent to the library
+  * Split crates into library and applications
+- Add 0001-keylime-agent-remove-const_err-deny.patch
+- Fix "cargo install" with workspaces
+  https://github.com/rust-lang/cargo/issues/7599
+- Add 0001-Cargo.toml-tss-esapi-bindings.patch
+
+-------------------------------------------------------------------
+Fri Dec 09 13:10:40 UTC 2022 - aplanas@suse.com
+
+- Update to version 0.1.0+git.1670590616.e80c67a:
+  * main: only read uuid from KeylimeConfig
+  * Enabling more e2e tests in Packit CI
+  * systemd: start agent after network is online
+  * Cargo: Drop unused dependencies rust-ini and toml
+
 -------------------------------------------------------------------
 Tue Oct 25 08:16:33 UTC 2022 - aplanas@suse.com
 

rust-keylime.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package rust-keylime
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -25,7 +25,7 @@
   %define _config_norepl %config(noreplace)
 %endif
 Name:           rust-keylime
-Version:        0.1.0+git.1666019359.f5de47b
+Version:        0.1.0+git.1672681780.762cec8
 Release:        0
 Summary:        Rust implementation of the keylime agent
 License:        Apache-2.0 AND MIT
@@ -38,6 +38,10 @@ Source4:        keylime-user.conf
 Source5:        tmpfiles.keylime
 # PATCH-FIX-OPENSUSE keylime-agent.conf.diff
 Patch1:         keylime-agent.conf.diff
+# PATCH-FIX-UPSTREAM 0001-keylime-agent-remove-const_err-deny.patch gh#keylime/rust-keylime#501
+Patch2:         0001-keylime-agent-remove-const_err-deny.patch
+# PATCH-FIX-UPSTREAM 0001-Cargo.toml-tss-esapi-bindings.patch gh#keylime/rust-keylime#502
+Patch3:         0001-Cargo.toml-tss-esapi-bindings.patch
 BuildRequires:  cargo-packaging
 BuildRequires:  clang
 BuildRequires:  firewall-macros
@@ -70,7 +74,14 @@ cp %{SOURCE2} .cargo/config
 %sysusers_generate_pre %{SOURCE4} keylime keylime-user.conf
 
 %install
-%{cargo_install} --no-default-features --features "with-zmq"
+# If https://github.com/Firstyear/cargo-packaging/pull/3 gets merged,
+# replace it with:
+#
+#  \%{cargo_install -p keylime-agent} --no-default-features --features "with-zmq"
+#  \%{cargo_install -p keylime-ima-emulator}
+
+install -Dpm 0755 %{_builddir}/%{name}-%{version}/target/release/keylime_agent %{buildroot}%{_bindir}/keylime_agent
+install -Dpm 0755 %{_builddir}/%{name}-%{version}/target/release/keylime_ima_emulator %{buildroot}%{_bindir}/keylime_ima_emulator
 
 install -Dpm 0600 keylime-agent.conf %{buildroot}%{_distconfdir}/keylime/agent.conf
 install -Dpm 0644 ./dist/systemd/system/keylime_agent.service %{buildroot}%{_unitdir}/keylime_agent.service

vendor.tar.xz

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:461817a4fcad41b34e4df2965734fdb55c2dae0043eba1c5b119006a60758a9e
+oid sha256:89e4102d09cff722290c9c3e1cc18b02dd3edb7f893039b1190b41c6cb213c17
-size 21088228
+size 26221436